0 votes
217 views 2 comments
by anonymous
We are having some issues with newer firmware versions not supporting iprange anymore. This is an issue with our configuration. We can get around it by setting custom routing rules, which do work, but then we have to manually create rules in the WebUI for all Teltonikas, which is a lot of work. Subnet masks work, but aren't the right method for our situation, as it would open up way more IP addresses than we want.

Now, my thought process was that if I can export the iptables list, I could import it on other devices. But the RUT955 uses BusyBox and that's not supported. Now, I'm a bit at a loss right now. Is there an easy way to convert the line below to, for example, a custom rule?

zone_wan_dest_ACCEPT tcp -- 10.10.202.173 anywhere /* !fw3: allow 3 */

If that could be inserted somehow into the custom rules in the WebUI, I could modify it easily to include all addresses.

I hope someone can help me.

1 Answer

0 votes
by anonymous
Hi,

I believe the only way to do this would be to have your own script that would translate the format of these lines into a format that could be executed in the CLI. So basically you need to identify the parts of the line you copied, insert them into iptables format, and execute it when it's all in place.

EB.
by anonymous

That shouldn't be necessary. 

I was playing around and iptables -S gives me a decent result that I can put iptables in front of to get a result that at least looks ok. 

So I end up with this: 

iptables -A FORWARD -s 10.10.202.170/32 -p tcp -m comment --comment "!fw3:10.10.202.170" -j zone_wan_dest_ACCEPT

But putting that in the custom rules doesn't seem to work. The line gets added to iptables, but it doesn't seem to work.

by anonymous
Did you try with iptables -I instead of iptables -A?
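
The translation the answer describes, as an added example that is not part of the original thread or Teltonika's own code: a POSIX shell script that turns an `iptables -L` listing line into an `iptables -I` command and repeats it for a list of source addresses. The `FORWARD` chain and the use of `-I` are assumptions taken from the comments above, the function names are hypothetical, and the script only prints commands.

```shell
#!/bin/sh
# Added example (not from the thread). Prints commands only; it never calls iptables.

# Allow only characters that chain names, protocols and addresses need.
safe_tok() { case $1 in ''|*[!A-Za-z0-9_./:-]*) return 1 ;; esac; }

# list_line_to_rule CHAIN 'LISTING LINE'
# The listing line does not name its chain, so the caller supplies it.
list_line_to_rule() {
    chain=$1 line=$2 comment=
    case $line in
        *'/* '*' */'*)                      # optional trailing /* comment */
            comment=${line#*/\* }
            comment=${comment% \*/*}
            line=${line%%/\**} ;;
    esac
    # The comment ends up inside double quotes, so keep it to harmless characters.
    [ -z "$(printf %s "$comment" | tr -d 'A-Za-z0-9 _.:!-')" ] || return 1
    set -f; set -- $line; set +f            # columns: target prot opt source destination
    [ $# -ge 5 ] || return 1
    for tok in "$chain" "$1" "$2" "$4" "$5"; do
        safe_tok "$tok" || return 1
    done
    rule="iptables -I $chain"
    case $4 in anywhere|0.0.0.0/0) ;; *) rule="$rule -s $4" ;; esac
    case $5 in anywhere|0.0.0.0/0) ;; *) rule="$rule -d $5" ;; esac
    [ "$2" = all ] || rule="$rule -p $2"
    [ -z "$comment" ] || rule="$rule -m comment --comment \"$comment\""
    printf '%s\n' "$rule -j $1"
}

# rules_for_sources CHAIN 'TEMPLATE LINE' ADDR...
# Reuses one listing line as a template and swaps its source column per address.
rules_for_sources() {
    rs_chain=$1 rs_tpl=$2; shift 2
    for addr in "$@"; do
        rs_line=$(printf '%s\n' "$rs_tpl" | awk -v a="$addr" '{ $4 = a; print }')
        list_line_to_rule "$rs_chain" "$rs_line" || return 1
    done
}

# Demo with the listing line and the two addresses quoted in the thread.
rules_for_sources FORWARD \
    'zone_wan_dest_ACCEPT tcp -- 10.10.202.173 anywhere /* !fw3: allow 3 */' \
    10.10.202.170 10.10.202.173
```

Review the printed lines before pasting them into the custom rules field; tokens or comments containing shell metacharacters are rejected rather than emitted.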